Chapter 3 Network Services Adapted from slides for Computer Networking: A Top Down Approach, 5 th edition. Jim Kurose, Keith Ross Addison-Wesley, April 2009. Network Services


Page 1: Chapter 3 Network Services Adapted from slides for Computer Networking: A Top Down Approach, 5 th edition. Jim Kurose, Keith Ross Addison-Wesley, April.

Chapter 3: Network Services

Adapted from slides for Computer Networking: A Top Down Approach, 5th edition. Jim Kurose, Keith Ross, Addison-Wesley, April 2009.

Page 2

OUTLINE

Review: Network services
Name services: DNS
Configuration services: DHCP
Email services

Page 3

Supernetting, or CIDR

Goal: solve the problem of routing table explosion and the exhaustion of the class B network address space.

A way to aggregate multiple Internet addresses of the same class (A, B, C). E.g., the network addresses 192.168.2.0/24 and 192.168.3.0/24 can be merged into 192.168.2.0/23.

Often used to combine class C addresses.

Note: there are two ways to indicate the length of the network part and host part of an IP address: a prefix length such as /23, or a subnet mask such as 255.255.254.0.
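The merge on the slide is one instance of a general rule: two prefixes can be aggregated only when they have the same length and are the two halves of one parent block. The following added example (not code from the slides or the textbook) checks that rule for a pair, generalizes it to a list of prefixes, and shows the two notations for the same network using Python's standard ipaddress module.

```python
import ipaddress

def supernet_pair(a, b):
    """Return the supernet that exactly covers prefixes a and b, or None if they
    cannot be merged: they must have the same length and be the two halves of one
    parent block. 192.168.2.0/24 and 192.168.3.0/24 are; 192.168.1.0/24 and
    192.168.2.0/24 are not (their parents are 192.168.0.0/23 and 192.168.2.0/23)."""
    na = ipaddress.ip_network(a, strict=True)
    nb = ipaddress.ip_network(b, strict=True)
    if na == nb or na.prefixlen != nb.prefixlen or na.prefixlen == 0:
        return None
    parent = na.supernet()
    return str(parent) if parent == nb.supernet() else None

def aggregate(prefixes):
    """General CIDR aggregation: repeatedly merge sibling prefixes, then drop any
    prefix already covered by a larger one. Returns the minimal prefix list, sorted."""
    nets = {ipaddress.ip_network(p, strict=True) for p in prefixes}
    merged = True
    while merged:
        merged = False
        # Most specific prefixes first, so /24 siblings merge before their /23 parents do.
        for n in sorted(nets, key=lambda x: x.prefixlen, reverse=True):
            if n.prefixlen == 0:
                continue
            parent = n.supernet()
            sibling = next(s for s in parent.subnets(prefixlen_diff=1) if s != n)
            if sibling in nets:
                nets -= {n, sibling}
                nets.add(parent)
                merged = True
                break
    # A /24 listed next to the /23 that contains it is redundant in a routing table.
    nets = {n for n in nets if not any(o != n and n.subnet_of(o) for o in nets)}
    return sorted(str(n) for n in nets)

def mask_forms(prefix):
    """The two notations for one network: CIDR prefix length and dotted subnet mask."""
    n = ipaddress.ip_network(prefix, strict=True)
    return n.with_prefixlen, n.with_netmask
```

aggregate() goes beyond the slide's single pair: it collapses any number of prefixes, so four consecutive /24s become one /22.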

Page 4

Forwarding example with subnet masks

Routing table:

SubnetNumber    SubnetMask       NextHop
128.96.170.0    255.255.254.0    Interface 0
128.96.168.0    255.255.254.0    Interface 1
128.96.166.0    255.255.254.0    R2
128.96.164.0    255.255.252.0    R3
Default                          R4

Forwarding pseudocode:

D = destination IP address
For each table entry (SubnetNumber, SubnetMask, NextHop):
    if (D & SubnetMask) == SubnetNumber:
        if NextHop is an interface:
            forward the datagram to that interface
        else:
            deliver the datagram to NextHop (a router)

Page 5

Kernel routing table

[zhang@storm ~]$ netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
default         150.108.68.1    0.0.0.0         UG        0 0          0 em1
150.108.68.0    *               255.255.255.0   U         0 0          0 em1
192.168.122.0   *               255.255.255.0   U         0 0          0 virbr0

Destination: value against which the destination IP address is matched.
Gateway: route to use to reach the specified destination; * or all 0s if the destination is directly connected.
Genmask: address mask to use.
Flags: U: up and running; H: route to a host (not to a network); G: the route uses an external gateway; R, D, M: other flags (not described here).
Iface: name of the interface through which the destination is reachable.

Network 150.108.68.0/255.255.255.0 is reachable directly through em1.

Page 6

Newer command: ip route

[zhang@storm ~]$ ip route
default via 150.108.68.1 dev em1 proto static
150.108.68.0/24 dev em1 proto kernel scope link src 150.108.68.26 metric 1
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1

Uses CIDR notation: IP address/length of network part.

Page 7

Getting a datagram from source to destination

Forwarding table in A:

Dest. Net.   next router   Nhops
223.1.1      -             1
223.1.2      223.1.1.4     2
223.1.3      223.1.1.4     2

Datagram: misc fields | src 223.1.1.1 | dest 223.1.2.3 | data

(Figure: hosts A, B and E and a router with interfaces 223.1.1.4, 223.1.2.9 and 223.1.3.27; host addresses 223.1.1.1, 223.1.1.2, 223.1.1.3 on network 223.1.1; 223.1.2.1, 223.1.2.2 on network 223.1.2; 223.1.3.1, 223.1.3.2 on network 223.1.3.)

Starting at A, destination E:
look up the network address of E in the forwarding table
E is on a different network: A and E are not directly attached
routing table: the next hop router to E is 223.1.1.4
the link layer sends the datagram to router 223.1.1.4 inside a link-layer frame
the datagram arrives at 223.1.1.4
continued…
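Both this walkthrough and the page 4 pseudocode are the same operation: mask the destination and compare it with each table entry. The added example below (my code, not from the slides) implements the page 4 first-match pseudocode over the page 4 table and over host A's table from this page, and adds the longest-prefix-match variant that real routers use, which matters as soon as entries overlap. The /24 masks and the "Interface 0" next hop in A's table are assumptions; the slide shows only the network numbers.

```python
import ipaddress

# Routing table from page 4: (SubnetNumber, SubnetMask, NextHop). A next hop that names
# an interface means the destination is directly attached; otherwise it is a router.
ROUTING_TABLE = [
    ("128.96.170.0", "255.255.254.0", "Interface 0"),
    ("128.96.168.0", "255.255.254.0", "Interface 1"),
    ("128.96.166.0", "255.255.254.0", "R2"),
    ("128.96.164.0", "255.255.252.0", "R3"),
]
DEFAULT_NEXT_HOP = "R4"

# Forwarding table in host A from the 223.1.x.x example. Assumed: each network is a /24
# and the directly attached network 223.1.1 is reached through "Interface 0".
TABLE_A = [
    ("223.1.1.0", "255.255.255.0", "Interface 0"),
    ("223.1.2.0", "255.255.255.0", "223.1.1.4"),
    ("223.1.3.0", "255.255.255.0", "223.1.1.4"),
]

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def is_interface(next_hop):
    return next_hop.startswith("Interface")

def forward(dest, table=ROUTING_TABLE, default=DEFAULT_NEXT_HOP):
    """The slide's pseudocode: take the first entry with (D & SubnetMask) == SubnetNumber."""
    d = to_int(dest)
    for subnet, mask, next_hop in table:
        if d & to_int(mask) == to_int(subnet):
            action = "forward to interface" if is_interface(next_hop) else "deliver to router"
            return action, next_hop
    return "deliver to router", default

def forward_longest_prefix(dest, table=ROUTING_TABLE, default=DEFAULT_NEXT_HOP):
    """Longest-prefix match: among all matching entries choose the one with the longest
    mask, so the most specific route wins regardless of the order of the table."""
    d = to_int(dest)
    best_mask, best_hop = -1, default
    for subnet, mask, next_hop in table:
        m = to_int(mask)
        if d & m == to_int(subnet) and m > best_mask:
            best_mask, best_hop = m, next_hop
    return best_hop
```

With the page 4 table the two lookups agree because no entries overlap; the test below builds an overlapping pair (a /22 listed before a /23 inside it) to show where first-match and longest-prefix diverge.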

Page 8

ARP protocol

The link layer does not understand IP addresses; we need to map an IP address to a MAC address.

ARP: Address Resolution Protocol (RFC 826). A node sends a broadcast looking for another node:
• 140.192.23.1 broadcasts looking for 140.192.23.23
The node replies with its MAC address:
• 140.192.23.23 replies with 00600A34AA3C
… now the IP layer can pass the MAC address to the link layer to forward the packet (datagram) to …

Command "arp": displays the ARP table kept by the ARP software on a host. The ARP table contains records of the learned IP-to-MAC relationships.

Page 9

OUTLINE

Review: Network services
Name services: DNS
Configuration services: DHCP
Email services

Page 10

Name services

"A name indicates what we seek. An address indicates where it is. A route indicates how to get there."

Name, i.e., host name: variable length and mnemonic.

Name service: maps user-friendly names into router-friendly addresses, i.e., IP addresses.

Page 11

A little history

A central authority, the Network Information Center (NIC), maintained a flat table of name-to-address bindings, named "hosts.txt".

To add a new host to the internet, an administrator sent an email to the NIC containing the hostname/address pair.

Every few days, the NIC mailed out hosts.txt to every administrator, who updated the table on every host.

Page 12

Today: Domain Name System

Keys:
A hierarchical name space, rather than a flat name space
• similar to the Unix file system
The "table" of bindings is partitioned into disjoint pieces and distributed throughout the Internet.

Page 13

Distributed, hierarchical database

(Figure: root DNS servers at the top; below them the com, org and edu DNS servers; below those the yahoo.com, amazon.com, poly.edu, umass.edu and pbs.org DNS servers.)

Client wants the IP for www.amazon.com; first approximation:
client queries a root server to find the com DNS server
client queries the com DNS server to get the amazon.com DNS server
client queries the amazon.com DNS server to get the IP address for www.amazon.com

Page 14

DNS: root name servers

Contacted by a local name server that cannot resolve a name. The root name server:
contacts an authoritative name server if the name mapping is not known
gets the mapping
returns the mapping to the local name server

13 root name servers worldwide:
a Verisign, Dulles, VA
b USC-ISI, Marina del Rey, CA
c Cogent, Herndon, VA (also LA)
d U Maryland, College Park, MD
e NASA, Mt View, CA
f Internet Software C., Palo Alto, CA (and 36 other locations)
g US DoD, Vienna, VA
h ARL, Aberdeen, MD
i Autonomica, Stockholm (plus 28 other locations)
j Verisign (21 locations)
k RIPE, London (also 16 other locations)
l ICANN, Los Angeles, CA
m WIDE, Tokyo (also Seoul, Paris, SF)

Page 15

TLD and authoritative servers

Top-level domain (TLD) servers: responsible for com, org, net, edu, aero, jobs, museums, and all top-level country domains, e.g., uk, fr, ca, jp.
Network Solutions maintains the servers for the com TLD.
Educause for the edu TLD.

Page 16

TLD and authoritative servers (continued)

Authoritative DNS servers: an organization's DNS servers, providing authoritative hostname-to-IP mappings for the organization's servers (e.g., Web, mail).
Can be maintained by the organization or by a service provider.

Page 17

DNS services

hostname to IP address translation
host aliasing: canonical and alias names
mail server aliasing: [email protected]? Which host(s) in the fordham.edu domain take care of email forwarding, i.e., are the email servers? Can we look this up using nslookup?
load distribution: replicated Web servers, a set of IP addresses for one canonical name

Page 18

Distributed, hierarchical database (continued)

(Same hierarchy figure as page 13.)

Client wants the IP for www.amazon.com; first approximation: client queries a root server to find the com DNS server; client queries the com DNS server to get the amazon.com DNS server; client queries the amazon.com DNS server to get the IP address for www.amazon.com.

How did the client locate the root server? Or, how does it resolve the name of the server that knows how to resolve names? Through a local name server.

Page 19

Local name server

Does not strictly belong to the DNS name server hierarchy.
Each ISP (residential ISP, company, university) has one; also called the "default name server".
When a host makes a DNS query, the query is sent to its local DNS server, which acts as a proxy and forwards the query into the hierarchy.
How does a host figure out what its local name server is?

Page 20

DNS name resolution example: iterated query

Host at cis.poly.edu wants the IP address for gaia.cs.umass.edu.

(Figure: requesting host cis.poly.edu, local DNS server dns.poly.edu, root DNS server, TLD DNS server, authoritative DNS server dns.cs.umass.edu; messages 1-8: 1 host → local server, 2 local → root, 3 root → local, 4 local → TLD, 5 TLD → local, 6 local → authoritative, 7 authoritative → local, 8 local → host.)

Iterated query: the contacted server replies with the name of the server to contact: "I don't know this name, but ask this server."

Page 21

DNS name resolution example: recursive query

(Figure: same participants as page 20; messages 1-8: 1 host → local server, 2 local → root, 3 root → TLD, 4 TLD → authoritative, 5 authoritative → TLD, 6 TLD → root, 7 root → local, 8 local → host.)

Recursive query: puts the burden of name resolution on the contacted name server. Heavy load?

Page 22

DNS: caching and updating records

Once (any) name server learns a mapping, it caches the mapping.
Cache entries time out (disappear) after some time.
TLD servers are typically cached in local name servers; thus root name servers are not often visited.
Update/notify mechanisms: proposed IETF standard RFC 2136.

Page 23

DNS records

DNS: distributed database storing resource records (RR). RR format: (name, value, type, ttl)

Type=A: name is a hostname; value is its IP address.
Type=NS: name is a domain (e.g., foo.com); value is the hostname of the authoritative name server for this domain.
Type=CNAME: name is an alias for some "canonical" (the real) name, e.g., www.ibm.com is really servereast.backup2.ibm.com; value is the canonical name.
Type=MX: value is the name of the mail server associated with name.

Page 24

Inserting records into DNS

Example: new startup "Network Utopia".
Register the name networkutopia.com at a DNS registrar (e.g., Network Solutions); provide the names and IP addresses of the authoritative name servers (primary and secondary).
The registrar inserts two RRs into the com TLD server:
(networkutopia.com, dns1.networkutopia.com, NS)
(dns1.networkutopia.com, 212.212.212.1, A)
On the authoritative server, create a Type A record for www.networkutopia.com and a Type MX record for networkutopia.com.
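The pages on the iterated query (page 20), caching (page 22), the RR format (page 23) and the registrar's two records (this page) describe one mechanism, so here is one added example that ties them together: a small in-memory model (my code, not from the slides) in which a local name server resolves www.networkutopia.com by walking root → com TLD → dns1.networkutopia.com, follows a CNAME, looks up the MX record, and caches answers until their TTL expires. Only dns1.networkutopia.com and 212.212.212.1 come from the slide; the root and TLD server addresses (192.0.2.x), the www/mail addresses and the ftp alias are constructed.

```python
# Resource records use the slide's format (name, value, type, ttl). Each server is
# identified by the address it listens on. Constructed for this example: the root and
# com TLD servers (192.0.2.1 / 192.0.2.2), 212.212.212.10, 212.212.212.20 and the ftp alias.
ROOT_IP = "192.0.2.1"
SERVERS = {
    ROOT_IP: [                                   # root server: delegates "com"
        ("com", "ns.com-tld.example", "NS", 172800),
        ("ns.com-tld.example", "192.0.2.2", "A", 172800),
    ],
    "192.0.2.2": [                               # com TLD server: the two RRs the registrar inserted
        ("networkutopia.com", "dns1.networkutopia.com", "NS", 86400),
        ("dns1.networkutopia.com", "212.212.212.1", "A", 86400),
    ],
    "212.212.212.1": [                           # authoritative server for networkutopia.com
        ("www.networkutopia.com", "212.212.212.10", "A", 3600),
        ("networkutopia.com", "mail.networkutopia.com", "MX", 3600),
        ("mail.networkutopia.com", "212.212.212.20", "A", 3600),
        ("ftp.networkutopia.com", "www.networkutopia.com", "CNAME", 3600),
    ],
}

def query(server_ip, name, rtype):
    """One question to one server. Returns (answer RRs, referral RRs): the answer if the
    server holds the record, otherwise the delegation (NS plus glue A) for the closest
    enclosing zone it knows, i.e. "I don't know this name, but ask this server"."""
    rrs = SERVERS[server_ip]
    answer = [r for r in rrs if r[0] == name and r[2] in (rtype, "CNAME")]
    if answer:
        return answer, []
    labels = name.split(".")
    for i in range(len(labels)):
        zone = ".".join(labels[i:])
        ns = [r for r in rrs if r[0] == zone and r[2] == "NS"]
        if ns:
            glue = [r for r in rrs if r[0] == ns[0][1] and r[2] == "A"]
            return [], ns + glue
    return [], []

class LocalNameServer:
    """Iterated resolution starting at the root, with a TTL-bounded cache."""
    def __init__(self, clock):
        self.clock = clock                 # callable returning the current time in seconds
        self.cache = {}                    # (name, type) -> (value, expiry time)
        self.trace = []                    # servers contacted, in order, for inspection

    def resolve(self, name, rtype="A", depth=0):
        if depth > 8:
            raise RuntimeError("referral or CNAME chain too long")
        key = (name, rtype)
        if key in self.cache and self.cache[key][1] > self.clock():
            return self.cache[key][0]      # still fresh: no server is contacted
        server = ROOT_IP
        for _ in range(8):                 # bound the referral chain
            self.trace.append(server)
            answer, referral = query(server, name, rtype)
            if answer:
                _, value, typ, ttl = answer[0]
                if typ == "CNAME" and rtype != "CNAME":
                    value = self.resolve(value, rtype, depth + 1)   # follow the alias
                    if value is None:
                        return None
                self.cache[key] = (value, self.clock() + ttl)
                return value
            if not referral:
                return None                # nobody we asked knows a zone for this name
            ns_name = referral[0][1]
            glue = [r[1] for r in referral if r[2] == "A" and r[0] == ns_name]
            # Without glue we would first have to resolve the name server's own address.
            server = glue[0] if glue else self.resolve(ns_name, "A", depth + 1)
            if server is None:
                return None
        return None
```

The trace list shows the page 20 sequence directly (root, then TLD, then authoritative) and stays empty on a cache hit; advancing the clock past the 3600-second TTL forces the full walk again, which is the timeout behaviour page 22 describes.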

Page 25

Configuration of DNS

In Unix, BIND (Berkeley Internet Name Domain) implements DNS.
Client side: the resolver, which generates and sends queries.
Server side: answers the resolver's questions; a daemon called "named".
Other name services:
/etc/hosts: mapping from host name to IP address
NIS (Network Information Service): Chapters 8, 9

Page 26

OUTLINE

Review: Network services
Name services: DNS
Configuration services: DHCP
Email services

Page 27

Configuration servers

Allow a network administrator to control TCP/IP configuration from a central point.
RARP: Reverse Address Resolution Protocol. Lets a host find out its IP address from its MAC address. Obsolete.
BOOTP: replaced RARP and provides more services.
DHCP: replaced BOOTP; compatible with BOOTP.

Page 28

DHCP overview

Uses UDP ports 67 and 68.
DHCP can return more than just an allocated IP address on the subnet:
address of the first-hop router for the client
name and IP address of the DNS server
network mask (indicating the network versus host portion of the address)
A complete set of TCP/IP configuration values!
Permits automated allocation of IP addresses.

Page 29

DHCP: different address assignment schemes

Permanent fixed addresses: for name servers, email servers, …
Manual allocation: CIS Ethernet in RH
Automatic allocation
Dynamic allocation: WiFi networks of Fordham, CIS dept. The server assigns an address to a DHCP client for a limited period of time (a lease). The client can return the lease earlier, but has to request an extension if it needs the address for longer than the permitted time.

Page 30

DHCP: Dynamic Host Configuration Protocol

Goal: allow a host to dynamically obtain its IP address from a network server when it joins the network.
Can renew its lease on the address in use.
Allows reuse of addresses (an address is only held while the host is connected and "on").
Support for mobile users who want to join the network (more shortly).

DHCP overview:
host broadcasts a "DHCP discover" msg [optional]
DHCP server responds with a "DHCP offer" msg [optional]
host requests an IP address: "DHCP request" msg
DHCP server sends the address: "DHCP ack" msg

Page 31

DHCP client-server scenario

(Figure: the 223.1.x.x network from page 7 with a DHCP server on network 223.1.2; an arriving DHCP client needs an address in this network.)

Page 32

DHCP client-server scenario: DHCP server 223.1.2.5, arriving client (time runs downward)

DHCP discover
src: 0.0.0.0, 68
dest: 255.255.255.255, 67
yiaddr: 0.0.0.0
transaction ID: 654

DHCP offer
src: 223.1.2.5, 67
dest: 255.255.255.255, 68
yiaddr: 223.1.2.4
transaction ID: 654
lifetime: 3600 secs

DHCP request
src: 0.0.0.0, 68
dest: 255.255.255.255, 67
yiaddr: 223.1.2.4
transaction ID: 655
lifetime: 3600 secs

DHCP ACK
src: 223.1.2.5, 67
dest: 255.255.255.255, 68
yiaddr: 223.1.2.4
transaction ID: 655
lifetime: 3600 secs
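The four messages above, plus the lease rules from pages 29 and 30 (limited lifetime, renewal, reuse of addresses once a host leaves), can be modelled in a few dozen lines. The following added example is my own model, not code from the slides and not a real DHCP implementation: messages are Python dicts carrying the fields shown on the slide instead of UDP datagrams, and time is a simulated clock. The server address 223.1.2.5 and first offered address 223.1.2.4 come from the slide; the address pool, client MAC addresses and the 223.1.2.6 second address are constructed.

```python
class DhcpServer:
    """Model of the discover/offer/request/ack exchange with a lease pool, lease
    expiry and renewal. Added example; not a real DHCP server."""
    SERVER_PORT, CLIENT_PORT, BROADCAST = 67, 68, "255.255.255.255"

    def __init__(self, server_ip, pool, lease_time=3600):
        self.server_ip = server_ip
        self.lease_time = lease_time
        self.free = list(pool)        # addresses available for allocation (constructed pool)
        self.offers = {}              # client MAC -> address reserved by an outstanding OFFER
        self.leases = {}              # address -> (client MAC, expiry time)
        self.clock = 0                # simulated time in seconds

    def _expire(self):
        # Dynamic allocation: a lease that was not renewed in time goes back to the pool.
        for addr, (_, expiry) in list(self.leases.items()):
            if expiry <= self.clock:
                del self.leases[addr]
                self.free.append(addr)

    def _reply(self, op, yiaddr, xid):
        return {"op": op, "src": (self.server_ip, self.SERVER_PORT),
                "dst": (self.BROADCAST, self.CLIENT_PORT),
                "yiaddr": yiaddr, "xid": xid, "lifetime": self.lease_time}

    def handle(self, msg):
        """Process one client message; returns the server's reply, or None if it stays silent."""
        self._expire()
        mac, xid = msg["chaddr"], msg["xid"]
        if msg["op"] == "DISCOVER":
            # Offer the address this client already holds, else the first free one.
            addr = next((a for a, (m, _) in self.leases.items() if m == mac), None)
            if addr is None:
                if not self.free:
                    return None               # pool exhausted: no OFFER is sent
                addr = self.free.pop(0)
            self.offers[mac] = addr
            return self._reply("OFFER", addr, xid)
        if msg["op"] == "REQUEST":
            addr = msg["yiaddr"]
            offered = self.offers.pop(mac, None)
            if offered is not None and offered != addr and offered not in self.leases:
                self.free.append(offered)     # client asked for something else; release the offer
            renewing = self.leases.get(addr, (None, 0))[0] == mac
            if offered != addr and not renewing:
                return self._reply("NAK", "0.0.0.0", xid)   # neither offered to nor held by this client
            self.leases[addr] = (mac, self.clock + self.lease_time)   # new lease or extended lease
            return self._reply("ACK", addr, xid)
        return None

def client_join(server, mac, xid):
    """The arriving client's side: broadcast DISCOVER, take the OFFER, REQUEST the offered
    address with a new transaction ID (654 then 655 on the slide) and return (offer, ack).
    Returns (None, None) when no offer arrives."""
    discover = {"op": "DISCOVER", "src": ("0.0.0.0", 68), "dst": ("255.255.255.255", 67),
                "yiaddr": "0.0.0.0", "xid": xid, "chaddr": mac}
    offer = server.handle(discover)
    if offer is None:
        return None, None
    request = {"op": "REQUEST", "src": ("0.0.0.0", 68), "dst": ("255.255.255.255", 67),
               "yiaddr": offer["yiaddr"], "xid": xid + 1, "chaddr": mac}
    return offer, server.handle(request)
```

A renewing client skips the two optional messages and sends a REQUEST for the address it already holds, which the model accepts and extends; a REQUEST for an address that was neither offered to nor held by that client is refused with a NAK rather than silently granted.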

Page 33

OUTLINE

Review: Network services
Name services: DNS
Configuration services: DHCP
Email services

Page 34

Good online resources

Share with the class your favorite links!
TCP/IP Guide: http://www.tcpipguide.com/free/index.htm

Page 35

Origin of telnet

During the late 1960s (before PCs), large computers were shared by many users and accessed via a physical terminal (specially tailored to the host) connected to that machine.

Problems:
different terminals were needed for accessing different computers
to access a computer remotely, one used a dedicated data circuit connecting terminal and host

Page 36

History of telnet (2)

Solution: a more general way of allowing any terminal to access any computer.
The underlying internetwork provides the mechanism for communicating information between computers:
• physical networks connecting sites
• the TCP/IP protocol suite connecting networks
An application protocol, telnet, allows a user to establish a session to any networked computer.

Page 37

Telnet?

An application layer protocol, and the software that implements the client part of the protocol.
Telnet client applications are available for virtually all computer platforms: on erdos, the command "telnet"; on your PC, the command "telnet" …

Page 38

To telnet?

To telnet means to establish a connection to a device using the Telnet protocol via a telnet program: "To change your password, telnet to the server, log in and run the passwd command."
Most often, a user telnets to a Unix-like server system or a network device (such as a router) and obtains a login prompt to a command-line text interface.

Page 39

Telnet protocol (application layer), RFC 854

Supports bidirectional, interactive, text-oriented communication; data is interspersed with control information in a data connection over TCP.
• Recall TCP: reliable, in-order delivery, connection-oriented; flow control; congestion control.
Session oriented: communication of data and commands between client and server over a prolonged period of time.

Page 40

Telnet: overall function

Client/server paradigm.
Telnet client: a program that acts as an interface to the user; it processes keystrokes and user commands and presents the output from the remote machine.
Telnet server: a program running on a remote computer that has been set up to allow remote sessions.

Page 41

Telnet: how does it work?

The server listens for connections on TCP port number 23.
A client initiates a TCP connection to the server; the connection is set up using the TCP three-way handshake.
The TCP connection is maintained for the duration of the Telnet session.
The server supports multiple simultaneous sessions with different users, differentiating them by the IP address and port number of the client.

Page 42

Telnet: how does it work? (continued)

Client and server software provide the user with an interface to the remote host. For the client, the telnet session appears the same as sitting down at a terminal directly connected to the remote host.
The server begins the user's session with a login prompt asking for a user name and password.
The client accepts this information from the user and sends it to the server.
• The user is then logged in and can use the host in whatever manner his or her account authorizes.

Page 43

Telnet usage: remote login

So far: telnet provides access to a command-line interface on a remote host. Most network equipment and operating systems with a TCP/IP stack support a Telnet service for remote configuration.
Due to security issues (the whole session, including the login name and password, travels unencrypted), its use for this purpose has waned in favor of SSH.
Demo of PuTTY.

Page 44

Telnet usage: others

A host of other TCP/IP protocols use telnet-style text exchanges for their messages; therefore a telnet client can be used to connect to servers of such protocols, including SMTP, HTTP and POP. Useful for diagnostic purposes!

Page 45

Telnet as a diagnostic tool

Use telnet to access other application servers: specify the port number corresponding to the service.
• telnet www.someserversomewhere.org 80
You will not receive a login prompt; instead the server will wait for you to send an HTTP Request message, as if you were a Web browser.
If you enter a valid request, the server will send you an HTTP Response message.

Page 46

Electronic Mail

Three major components: user agents, mail servers, and the simple mail transfer protocol (SMTP).

User agent, a.k.a. "mail reader": composing, editing and reading mail messages; e.g., Outlook, elm, Mozilla Thunderbird, iPhone mail client. Outgoing and incoming messages are stored on the server.

(Figure: three mail servers, each with a user mailbox and an outgoing message queue, connected to one another by SMTP and each serving several user agents.)

Page 47

Electronic Mail: mail servers

Mail servers:
mailbox contains the incoming messages for a user, often maintained as a file
message queue of outgoing (to be sent) mail messages
SMTP protocol between mail servers to send email messages: the "client" is the sending mail server, the "server" is the receiving mail server.

(Same figure as page 46.)

Page 48

Electronic Mail: SMTP [RFC 2821]

Uses TCP to reliably transfer an email message from client to server, port 25.
Direct transfer: sending server to receiving server.
Three phases of transfer: handshaking (greeting): HELO; transfer of messages: DATA; closure: QUIT.
Command/response interaction: commands are ASCII text; responses are a status code and phrase.
Messages must be in 7-bit ASCII.

Page 49

Scenario: Alice sends a message to Bob

1) Alice uses her UA to compose a message "to" [email protected]
2) Alice's UA sends the message to her mail server; the message is placed in the message queue
3) The client side of SMTP opens a TCP connection with Bob's mail server
4) The SMTP client sends Alice's message over the TCP connection
5) Bob's mail server places the message in Bob's mailbox
6) Bob invokes his user agent to read the message

(Figure: Alice's user agent → Alice's mail server → Bob's mail server → Bob's user agent, steps 1-6.)

Page 50

Sample SMTP interaction

S: 220 hamburger.edu
C: HELO crepes.fr
S: 250 Hello crepes.fr, pleased to meet you
C: MAIL FROM: <[email protected]>
S: 250 [email protected]... Sender ok
C: RCPT TO: <[email protected]>
S: 250 [email protected] ... Recipient ok
C: DATA
S: 354 Enter mail, end with "." on a line by itself
C: Do you like ketchup?
C: How about pickles?
C: .
S: 250 Message accepted for delivery
C: QUIT
S: 221 hamburger.edu closing connection

The line containing only "." marks the end of the data (email body).

Page 51

Try the SMTP interaction for yourself:

telnet servername 25
see the 220 reply from the server
enter the HELO, MAIL FROM, RCPT TO, DATA, QUIT commands
The commands above let you send email without using an email client (reader).

Page 52

Mail message format

SMTP: protocol for exchanging email messages.
RFC 822: standard for the text message format:
header lines, e.g.,
• To:
• From:
• Subject:
• different from SMTP commands!
body
• the "message", ASCII characters only
A blank line separates the header from the body.

MIME: Multipurpose Internet Mail Extensions. Carries data of various forms: text, application (binary data), image, video, audio, message, … Multiple objects within one email.
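The sample interaction on page 50 and the RFC 822 layout on this page fit together: the lines the client sends between DATA and the lone "." are the header/blank-line/body message. The added example below (my code, not from the slides) implements the server side of that dialogue as a state machine that checks command order and returns the reply codes shown on page 50, and then splits an accepted message into its headers and body. The hostnames hamburger.edu and crepes.fr are the slide's; the mailbox names and message headers in the sample session are constructed.

```python
class SmtpSession:
    """Server side of the page 50 dialogue as a state machine. receive() takes one
    client line and returns the server's reply line, or None while collecting the
    message body. Added example; a model, not a mail server."""
    def __init__(self, hostname="hamburger.edu"):
        self.hostname = hostname
        self.state = "CONNECT"        # CONNECT -> GREETED -> MAIL -> RCPT -> DATA -> GREETED
        self.sender, self.recipients, self.lines = None, [], []
        self.delivered = []           # (sender, recipients, raw message) tuples accepted

    def greeting(self):
        return f"220 {self.hostname}"

    def receive(self, line):
        if self.state == "DATA":
            if line == ".":           # end of data
                self.delivered.append((self.sender, list(self.recipients), "\n".join(self.lines)))
                self.sender, self.recipients, self.lines = None, [], []
                self.state = "GREETED"
                return "250 Message accepted for delivery"
            # A body line that itself starts with "." is sent as ".." (dot-stuffing); undo it.
            self.lines.append(line[1:] if line.startswith("..") else line)
            return None
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "QUIT":
            self.state = "CLOSED"
            return f"221 {self.hostname} closing connection"
        if verb == "HELO":
            if not arg:
                return "501 Syntax: HELO hostname"
            self.state = "GREETED"
            return f"250 Hello {arg}, pleased to meet you"
        if verb == "MAIL" and arg.upper().startswith("FROM:"):
            if self.state != "GREETED":
                return "503 Bad sequence of commands"
            self.sender = arg[5:].strip().strip("<>")
            self.state = "MAIL"
            return f"250 {self.sender}... Sender ok"
        if verb == "RCPT" and arg.upper().startswith("TO:"):
            if self.state not in ("MAIL", "RCPT"):
                return "503 Bad sequence of commands"
            rcpt = arg[3:].strip().strip("<>")
            self.recipients.append(rcpt)
            self.state = "RCPT"
            return f"250 {rcpt} ... Recipient ok"
        if verb == "DATA":
            if self.state != "RCPT":   # no recipient yet: refuse, as a real server would
                return "503 Bad sequence of commands"
            self.state = "DATA"
            return '354 Enter mail, end with "." on a line by itself'
        return "500 Command unrecognized"

def parse_message(raw):
    """RFC 822 layout: header lines, one blank line, then the body. Returns
    (headers dict with lower-cased names, body). A message with no blank line is
    all header; one that starts with a blank line has no headers."""
    head, _, body = raw.partition("\n\n")
    headers = {}
    for hl in head.split("\n"):
        name, sep, value = hl.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers, body

def run_dialogue(client_lines, hostname="hamburger.edu"):
    """Feed client lines through one session; returns (session, list of server replies)."""
    session = SmtpSession(hostname)
    replies = [session.greeting()]
    for line in client_lines:
        reply = session.receive(line)
        if reply is not None:
            replies.append(reply)
    return session, replies

# Constructed client side of the page 50 session, with RFC 822 headers added to the body.
SAMPLE_CLIENT = [
    "HELO crepes.fr", "MAIL FROM: <alice@crepes.fr>", "RCPT TO: <bob@hamburger.edu>", "DATA",
    "From: alice@crepes.fr", "To: bob@hamburger.edu", "Subject: lunch", "",
    "Do you like ketchup?", "How about pickles?", ".", "QUIT",
]
```

The "different from SMTP commands!" point on this page is visible in the code: MAIL FROM and RCPT TO drive the state machine (the envelope), while the From: and To: header lines are just text inside the message that parse_message() reads afterwards.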

Page 53

Mail access protocols

SMTP: delivery/storage to the receiver's server.
Mail access protocol: retrieval from the server.
POP: Post Office Protocol [RFC 1939]
• authorization (agent <--> server) and download
IMAP: Internet Mail Access Protocol [RFC 1730]
• more features (more complex)
• manipulation of stored messages on the server
HTTP: gmail, Hotmail, Yahoo! Mail, etc.

(Figure: sender's user agent → SMTP → sender's mail server → SMTP → receiver's mail server → access protocol → receiver's user agent.)

Page 54

POP3 protocol

Authorization phase. Client commands: user (declare username), pass (password). Server responses: +OK, -ERR.

S: +OK POP3 server ready
C: user bob
S: +OK
C: pass hungry
S: +OK user successfully logged on

Transaction phase. Client commands: list (list message numbers), retr (retrieve message by number), dele (delete), quit.

C: list
S: 1 498
S: 2 912
S: .
C: retr 1
S: <message 1 contents>
S: .
C: dele 1
C: retr 2
S: <message 2 contents>
S: .
C: dele 2
C: quit
S: +OK POP3 server signing off

Page 55

POP3 (more) and IMAP

More about POP3: the previous example uses "download and delete" mode, so Bob cannot re-read his e-mail if he changes client. "Download-and-keep" leaves copies of messages on different clients. POP3 is stateless across sessions.

IMAP: keeps all messages in one place, at the server; allows the user to organize messages in folders; keeps user state across sessions: names of folders and mappings between message IDs and folder names.

Page 56

OUTLINE

Review: Network services
Name services: DNS
Configuration services: DHCP
Email services

Page 57

Protocol analysis

Protocol: defines the rules of exchange between a pair (or more) of machines over a communication network.
HTTP (Hypertext Transfer Protocol)
• Defines how web pages are fetched and sent across a network
TCP (Transmission Control Protocol)
• Provides reliable, in-order delivery of a stream of bytes

Why analyze protocols: verify correctness; debug/detect incorrect behavior; analyze performance; gain a deeper understanding of existing protocols by "seeing" how they behave in actual use.

Page 58

Analysis methods

Instrument the code: a difficult task, even for experienced network programmers; tedious and time consuming.
Use available tools: tcpdump / tshark, Wireshark, ipsumdump.
Write your own tool: libpcap.

Page 59

Wireshark system overview

(Figure not included in the transcript.)

Page 60

Tools overview

Tcpdump: Unix-based command-line tool used to intercept packets.
Reads "live traffic" from the interface specified using the -i option …
… or from a previously recorded trace file specified using the -r option
• created when capturing live traffic using the -w option
Tshark: tcpdump-like capture program that comes with Wireshark.
Wireshark: GUI for displaying tcpdump/tshark packet traces.

Page 61: Cheat Sheet – Commonly Used tshark Options

-w <filename>: Write raw packets to the specified file instead of parsing and printing them out. Saves a packet capture session so that multiple filters can be run against it later.
-r <filename>: Read packets from the specified file instead of live capture. The file should have been created with the -w option.

Page 62: tshark example

Page 63: Output from Tshark

1190003744.940437 61.184.241.230 -> 128.32.48.169 SSH Encrypted request packet len=48
1190003744.940916 128.32.48.169 -> 61.184.241.230 SSH Encrypted response packet len=48
1190003744.955764 61.184.241.230 -> 128.32.48.169 TCP 6943 > ssh [ACK] Seq=48 Ack=48 Win=65514 Len=0 TSV=445871583 TSER=632535493
1190003745.035678 61.184.241.230 -> 128.32.48.169 SSH Encrypted request packet len=48
1190003745.036004 128.32.48.169 -> 61.184.241.230 SSH Encrypted response packet len=48
1190003745.050970 61.184.241.230 -> 128.32.48.169 TCP 6943 > ssh [ACK] Seq=96 Ack=96 Win=65514 Len=0 TSV=445871583 TSER=632535502
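As an added example (not part of the original slides), the following Python parses the six summary lines above into records, measures the request-to-response delay of each SSH round trip, and cross-checks the relative ACK numbers against the SSH payload bytes seen in each direction; this is the "analyze performance" and "verify correctness" use of a trace from page 57. The trace text is a constructed copy of the lines on the slide.

```python
import re
from decimal import Decimal

# Constructed copy of the six tshark summary lines shown on the slide, one packet per line.
TRACE = """\
1190003744.940437 61.184.241.230 -> 128.32.48.169 SSH Encrypted request packet len=48
1190003744.940916 128.32.48.169 -> 61.184.241.230 SSH Encrypted response packet len=48
1190003744.955764 61.184.241.230 -> 128.32.48.169 TCP 6943 > ssh [ACK] Seq=48 Ack=48 Win=65514 Len=0 TSV=445871583 TSER=632535493
1190003745.035678 61.184.241.230 -> 128.32.48.169 SSH Encrypted request packet len=48
1190003745.036004 128.32.48.169 -> 61.184.241.230 SSH Encrypted response packet len=48
1190003745.050970 61.184.241.230 -> 128.32.48.169 TCP 6943 > ssh [ACK] Seq=96 Ack=96 Win=65514 Len=0 TSV=445871583 TSER=632535502
"""

# Default tshark summary line: "<epoch time> <src> -> <dst> <protocol> <info>"
LINE_RE = re.compile(r"^(\d+\.\d+)\s+(\S+) -> (\S+)\s+(\S+)\s+(.*)$")
KV_RE = re.compile(r"\b([A-Za-z]+)=(\d+)")  # Seq=48, Ack=48, len=48, Win=..., TSV=..., TSER=...

def parse_trace(text):
    """Summary lines -> dicts; Decimal timestamps keep the microseconds; info key=value pairs are kept lower-cased."""
    packets = []
    for m in filter(None, map(LINE_RE.match, text.splitlines())):  # skip blank/non-summary lines
        ts, src, dst, proto, info = m.groups()
        fields = {k.lower(): int(v) for k, v in KV_RE.findall(info)}
        packets.append({"ts": Decimal(ts), "src": src, "dst": dst, "proto": proto, "info": info, **fields})
    return packets

def request_latencies(packets):
    """Pair each SSH request with the next SSH response flowing the other way -> [(t_request, delay), ...]."""
    out, pending = [], None
    for p in packets:
        if p["proto"] == "SSH" and "request" in p["info"]:
            pending = p
        elif p["proto"] == "SSH" and "response" in p["info"] and pending and p["src"] == pending["dst"]:
            out.append((pending["ts"], p["ts"] - pending["ts"]))
            pending = None
    return out

def check_ack_progress(packets):
    """Verify each ACK number equals the SSH payload bytes delivered so far in that direction.
    Relies on tshark's relative sequence numbers (each connection starts at 0)."""
    delivered, mismatches = {}, []  # (receiver, sender) -> payload bytes received so far
    for p in packets:
        if p["proto"] == "SSH":
            key = (p["dst"], p["src"])
            delivered[key] = delivered.get(key, 0) + p["len"]
        elif p["proto"] == "TCP" and "[ACK]" in p["info"]:
            expected = delivered.get((p["src"], p["dst"]), 0)
            if p["ack"] != expected:
                mismatches.append((p["ts"], p["ack"], expected))
    return mismatches
```

On this trace the two round trips take 479 µs and 326 µs, and both ACKs line up with the 48-byte SSH records, which is the kind of sanity check that catches a mis-parsed or tampered trace early.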

Page 64: Filters

Use filters to capture only packets of interest to us
1. Capture only UDP packets
   • tshark “udp”
2. Capture only TCP packets
   • tshark “tcp”

Page 65: Filters: example

1. Capture only UDP packets with destination port 53 (DNS requests)
   • tshark “udp dst port 53”
2. Capture only UDP packets with source port 53 (DNS replies)
   • tshark “udp src port 53”
3. Capture only UDP packets with source or destination port 53 (DNS requests and replies)
   • tshark “udp port 53”

Page 66: Filters: example

1. Capture only packets destined to storm.cis.fordham.edu
   • tshark “dst host storm.cis.fordham.edu”
2. Capture both DNS packets and TCP packets to/from storm.cis.fordham.edu
   • tshark “(tcp and host storm.cis.fordham.edu) or udp port 53”

Page 67: Cheat Sheet – Writing Filters (1)

Specifying the hosts we are interested in
• “dst host <name/IP>”
• “src host <name/IP>”
• “host <name/IP>” (either source or destination is name/IP)
Specifying the ports we are interested in
• “dst port <number>”
• “src port <number>”
• “port <number>”
Makes sense only for TCP and UDP packets

Page 68: Cheat Sheet – Writing Filters (2)

Specifying ICMP packets: “icmp”
Specifying UDP packets: “udp”
Specifying TCP packets: “tcp”

Page 69: Cheat Sheet – Writing Filters (3)

Combining filters
• and (&&)
• or (||)
• not (!)
Example: all TCP packets which are not from or to host quasar.cs.berkeley.edu
• tcpdump “tcp and ! host quasar.cs.berkeley.edu”
Lots of examples in the EXAMPLES section of the man page
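To make the capture-filter syntax of pages 64 to 69 concrete, here is an added Python evaluator (not part of the slides, and not how tcpdump or libpcap implement it) that parses the host/port/protocol primitives with and/or/not and parentheses, including the protocol qualifier form seen in “udp dst port 53”, and applies the slides' example filters to a constructed set of packet records. Host names are matched as literal strings here, whereas tcpdump resolves them to addresses first; PACKETS and the field names are assumptions of this example.

```python
import re

# Constructed sample packets in the shape tshark summarises them; host names stand in for
# resolved addresses (real tcpdump resolves names to IPs before matching).
PACKETS = [
    {"proto": "udp", "src": "pc1", "dst": "storm.cis.fordham.edu", "sport": 5353, "dport": 53},
    {"proto": "udp", "src": "storm.cis.fordham.edu", "dst": "pc1", "sport": 53, "dport": 5353},
    {"proto": "tcp", "src": "pc1", "dst": "quasar.cs.berkeley.edu", "sport": 40001, "dport": 22},
    {"proto": "icmp", "src": "pc1", "dst": "storm.cis.fordham.edu"},
]
FIELDS = {"host": {"src": "src", "dst": "dst"}, "port": {"src": "sport", "dst": "dport"}}

def compile_filter(expr):
    """Parse a capture filter ([proto] [src|dst] host|port VALUE, bare proto, and/or/not, parens) into a predicate."""
    toks = re.findall(r"[()!]|[^\s()!]+", expr)  # tokens: parentheses, "!" and bare words
    peek = lambda: toks[0] if toks else None
    take = lambda: toks.pop(0)

    def chain(sub, ops, combine):  # left-associative binary chain: sub (op sub)*
        f = sub()
        while peek() in ops:
            take()
            f = combine(f, sub())
        return f
    # Precedence, lowest first: or/|| < and/&& < not/! (as in the pcap-filter grammar)
    parse_or = lambda: chain(parse_and, ("or", "||"), lambda a, b: lambda p: a(p) or b(p))
    parse_and = lambda: chain(parse_not, ("and", "&&"), lambda a, b: lambda p: a(p) and b(p))

    def parse_not():
        if peek() in ("not", "!"):
            take()
            f = parse_not()
            return lambda p: not f(p)
        return parse_primary()

    def parse_primary():
        tok, proto = take(), None
        if tok == "(":
            f = parse_or()
            assert take() == ")", "unbalanced parentheses"
            return f
        if tok in ("tcp", "udp", "icmp"):
            if peek() not in ("src", "dst", "host", "port"):
                return lambda p, t=tok: p["proto"] == t   # bare "tcp" / "udp" / "icmp"
            proto, tok = tok, take()                       # qualifier, as in "udp dst port 53"
        side, tok = (tok, take()) if tok in ("src", "dst") else (None, tok)
        fields = FIELDS[tok]  # KeyError here means an unknown primitive
        value = take() if tok == "host" else int(take())   # icmp carries no ports, so never matches "port"
        keys = [fields[side]] if side else list(fields.values())
        return lambda p: (proto is None or p["proto"] == proto) and any(p.get(k) == value for k in keys)

    f = parse_or()
    assert not toks, f"unexpected trailing token {toks[0]!r}"
    return f
```

Calling compile_filter("udp port 53") keeps the two DNS packets only, and "tcp and ! host quasar.cs.berkeley.edu" drops the single TCP packet because its destination is that host.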

Page 70: Security/Privacy Issues

Tcpdump/tshark/wireshark allow you to monitor other people’s traffic
WARNING: Do NOT use these to violate privacy or security
Use filtering to restrict packet analysis
• tshark -p  // Don’t capture in promiscuous mode
• tcpdump -s 0 -w all_pkts.trace tcp port 7788

Page 71: Other Useful Tools

IPsumdump
• Handy “Swiss army knife” for displaying, in ASCII, fields of interest in packet trace files
• Summarizes TCP/IP dump files into a self-describing ASCII format easily readable by humans and programs.

Page 72: Wireshark Interface (online tutorial)

Page 73: Wireshark display filter expr

One can build quite complex filter expressions: compare values in packets as well as combine expressions into more specific expressions
For examples see: Wireshark Wiki Display Filter http://wiki.wireshark.org/DisplayFilters

Display filter fields
• Every field in the packet details pane can be used as a filter string
• filter string: tcp will show all packets containing the tcp protocol

Page 74: Comparison operator

ip.src==10.0.0.5
ip.src!=10.0.0.5
frame.len > 10
frame.len < 128
frame.len ge 0x100
frame.len <= 0x20

Page 75: Logic operations

ip.src==10.0.0.5 and tcp.flags.fin
ip.src==10.0.0.5 or ip.src==192.1.1.1
tr.dst[0:3] == 0.6.29 xor tr.src[0:3] == 0.6.29
not llc

Page 76: Enter filter using dialog

Page 77: Exercises